linux/meta-el-common.git/recipes-support, branch sumoCommmon distro layer for Enea Linuxhttps://git.enea.com/cgit/linux/meta-el-common.git/atom?h=sumo2018-09-17T06:21:19+00:00libpcre: 8.41 -> 8.422018-09-17T06:21:19+00:00Sona Sarmadisona.sarmadi@enea.com2018-09-17T06:21:19+00:00urn:sha1:bef574e8d1aedbbb99d0dea6f2d2b1e5166743ae
The update fixes CVE-2017-11164.
Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-11164
Backport from upstream master branch.
Change-Id: I18acd817fa4385974749996685a5aeeb7506d474
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
curl: Drop CVE patches2018-05-03T12:29:23+00:00Martin Borgmartin.borg@enea.com2018-05-03T12:29:23+00:00urn:sha1:8c928bbadf6ae0e6dc2705ed57c89eb2e6810197
curl was upgraded to 7.58.0 on upstream poky rocko branch
and this version already contains all our CVE patches.
Signed-off-by: Martin Borg <martin.borg@enea.com>
curl: fix for CVE-2018-10000052018-03-13T09:08:13+00:00Sona Sarmadisona.sarmadi@enea.com2018-03-13T07:22:11+00:00urn:sha1:7084be4c7f3276f70ff28a60a123d0523c9a1f96
Out-of-bounds read in code handling HTTP/2 trailers
References:
https://curl.haxx.se/docs/adv_2018-824a.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000005
Affects libcurl 7.49.0 to and including 7.57.0
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
curl: fixed build error2018-03-02T09:13:27+00:00Sona Sarmadisona.sarmadi@enea.com2018-03-02T08:32:43+00:00urn:sha1:ac783c78f47080c3b28b964c1d052079a0c7a21e
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
curl: Drop CVE patches2018-03-01T09:51:32+00:00Martin Borgmartin.borg@enea.com2018-03-01T09:49:49+00:00urn:sha1:41dcb36cac7813c0c2a5a7c1c1535a61caaab233
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
freetype/libarchive/gnutls: Drop CVE patches2018-03-01T09:42:05+00:00Martin Borgmartin.borg@enea.com2018-03-01T09:39:47+00:00urn:sha1:b6d4cd74cebeded8a49c06c6d7a52c32769f3ed8
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
curl: security fix for CVE-2017-88172017-12-06T10:34:56+00:00Sona Sarmadisona.sarmadi@enea.com2017-12-04T10:57:40+00:00urn:sha1:c207a4bc5d80dae6cc430df04bddaceac04687e6
FTP wildcard out of bounds read
References:
https://curl.haxx.se/docs/adv_2017-ae72.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
curl: security fix for CVE-2017-88162017-12-06T10:34:56+00:00Sona Sarmadisona.sarmadi@enea.com2017-12-04T10:57:39+00:00urn:sha1:0d571b4ef52c14ca5ea8faa1d6ffb7ec4992f9e8
NTLM buffer overflow via integer overflow
References:
https://curl.haxx.se/docs/adv_2017-12e7.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
curl: Security fix for CVE-2017-10002572017-12-06T10:34:56+00:00Sona Sarmadisona.sarmadi@enea.com2017-12-04T10:57:38+00:00urn:sha1:fac9f6136eed7dcba3d09c04f58bdcc0694c7437
IMAP FETCH response out of bounds read
References:
https://curl.haxx.se/docs/adv_20171023.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
curl: Security fix for CVE-2017-10002542017-12-06T10:34:56+00:00Sona Sarmadisona.sarmadi@enea.com2017-12-04T10:57:37+00:00urn:sha1:be2fdb1cf46dfb5b14b98378ce5a5360afc734a7
FTP PWD response parser out of bounds read
References:
https://curl.haxx.se/docs/adv_20171004.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>